CVE-2025-8225 — Missing Release of Memory after Effective Lifetime in Binutils

CWE-401 — Missing Release of Memory after Effective Lifetime CWE-404 — Improper Resource Shutdown or Release CWE-772 — Missing Release of Resource after Effective Lifetime10 documents8 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 91.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedJul 27

Latest updateDec 1

Description

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶Debiangnu/binutils< 2.45-3

▶CVEListV5gnu/binutils2.44

▶NVDgnu/binutils2.44

Patches

Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

binutils vulnerabilities↗2025-12-01

▶

GHSA

GHSA-q2gw-9mg2-9rh3: A vulnerability was found in GNU Binutils 2↗2025-07-27

▶

OSV

CVE-2025-8225: A vulnerability was found in GNU Binutils 2↗2025-07-27

▶

CVEList

GNU Binutils DWARF Section dwarf.c process_debug_info memory leak↗2025-07-27

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2025-12-01

▶

Ubuntu

GNU binutils vulnerabilities↗2025-10-29

▶

Red Hat

binutils: Binutils DWARF Section Handler Memory Leak↗2025-07-27

▶

Microsoft

GNU Binutils DWARF Section dwarf.c process_debug_info memory leak↗2025-07-08

▶

Debian

CVE-2025-8225: binutils - A vulnerability was found in GNU Binutils 2.44 and classified as problematic. Th...↗2025

▶